Otkrivena su dva sigurnosna nedostatka vezana uz Cisco Secure Desktop koji se koristi kod VPN povezivanja tj. za zaštitu tijekom razdoblja razmjene podataka, stvaranjem sigurnog virtualnog korisničkog sučelja, i čišćenje osjetljivih podataka po završetku povezivanja. Oba su propusta vezana uz pogreške u radu "CSDWebInstallerCtrl" ActiveX kontrole (CSDWebInstaller.ocx). Napadaču omogućuju pokretanje proizvoljnog programskog koda, navođenjem korisnika na posjetu zlonamjerno oblikovane web stranice. Zasad nisu izdane odgovarajuće programske zakrpe, a o eventualnim promjenama korisnici će biti pravovremeno obaviješteni.

Cisco Secure Desktop CSDWebInstaller ActiveX Remote Code Execution

VUPEN ID 	VUPEN/ADV-2011-0513
CVE ID 	CVE-2011-0925 - CVE-2011-0926
 
CWE ID 	Available in VUPEN VNS Customer Area
CVSS V2 	Available in VUPEN VNS Customer Area
Rated as 	Critical 
Impact 	Available in VUPEN VNS Customer Area
Authentication Level 	Available in VUPEN VNS Customer Area
Access Vector 	Available in VUPEN VNS Customer Area
Release Date 	2011-02-28
Share 	Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

Two vulnerabilities have been identified in Cisco Secure Desktop, which could be exploited by remote attackers to compromise a vulnerable system.

The first issue is caused by an error in the "CSDWebInstallerCtrl" ActiveX control (CSDWebInstaller.ocx) when handling a Cisco-signed executable file named "inst.exe", which could allow attackers to exploit certain vulnerabilities in signed executable files.

The second vulnerability is caused by an error in the "CSDWebInstallerCtrl" ActiveX control (CSDWebInstaller.ocx) that does not properly verify the digital signature of an executable file that is downloaded and executed, which could allow attackers to execute arbitrary code by tricking a user into visiting a malicious web page.

Affected Products

Cisco Secure Desktop versions 3.x

Solution 

VUPEN Security is not aware of any vendor-supplied patch.

References

http://www.vupen.com/english/advisories/2011/0513
http://www.zerodayinitiative.com/advisories/ZDI-11-091/
http://www.zerodayinitiative.com/advisories/ZDI-11-092/

Credits 

Vulnerabilities reported by TippingPoint ZDI.

Changelog 

2011-02-28 : Initial release